Tuesday, December 30, 2014

Software Engineering Security Part 2: Secure Development

This article covers four general lifecycle areas: design, construction, test and vulnerability response. Developing secure software is complicated, but when broken down phase by phase, actionable plans can be created.

Design

Studies show that the cost of bugs increases drastically as the bugs progress through the lifecycle. This is especially true of security issues, which can be extremely expensive. Design-time security reviews, including threat modeling, can be very effective. Start simple. Identify assets. Identify the threats against these assets, then find mitigations against the threats. For example, configuration data is an asset. Loss of confidentiality or integrity of that data is a threat. The threat can be mitigated by using TLS to protect the data. Engineers and QA engineers should be involved and security test cases should be written based on the threats identified.

Construction

The design may be airtight, but the implementation may be poor. Use appropriate and effective tools during construction; peer review, unit testing, static code analysis, binary analysis, and enabling security features of the operating system (ASLR, stack protection).

Test

Consider each of the mitigations from the design review and write test cases that ensure design principles are not violated. Run one or more fuzz testing tools. Run any available security test tools against the software. Nothing is more embarrassing than a customer scanning their shiny new software and finding glaring security holes. Finally, consider running external penetration tests. Be sure to feed any vulnerabilities back into the lifecycle.

Vulnerability Response

This final phase is very important and cannot be overlooked. See my earlier article on vulnerability tracking. Define severity and policy in advance. Internal communication and external communication about vulnerabilities must be timely and correct.

A lifecycle is part of every development shop. Integrating security into each phase of the lifecycle will create a secure development lifecycle and greatly improve the security of the software.